Remove the -P options of oid2name and pgbench, as they are security

hazards.  Instead teach these programs to prompt for a password when
necessary, just like all our other programs.
I did not bother to invent -W switches for them, since the return on
investment seems so low.

4 files changed, 81 insertions, 59 deletions

diff --git a/contrib/oid2name/oid2name.c b/contrib/oid2name/oid2name.c
index 5d5cf5733e..9e19edfbc0 100644
--- a/contrib/oid2name/oid2name.c
+++ b/contrib/oid2name/oid2name.c
@@ -4,6 +4,7 @@
  *
  * Originally by
  * B. Palmer, [email protected] 1-17-2001
+ *
  * $PostgreSQL$
  */
 #include "postgres_fe.h"
@@ -43,7 +44,6 @@ struct options
 	char	   *hostname;
 	char	   *port;
 	char	   *username;
-	char	   *password;
 };
 
 /* function prototypes */
@@ -76,10 +76,9 @@ get_opts(int argc, char **argv, struct options * my_opts)
 	my_opts->hostname = NULL;
 	my_opts->port = NULL;
 	my_opts->username = NULL;
-	my_opts->password = NULL;
 
 	/* get opts */
-	while ((c = getopt(argc, argv, "H:p:U:P:d:t:o:f:qSxish?")) != -1)
+	while ((c = getopt(argc, argv, "H:p:U:d:t:o:f:qSxish?")) != -1)
 	{
 		switch (c)
 		{
@@ -123,11 +122,6 @@ get_opts(int argc, char **argv, struct options * my_opts)
 				my_opts->username = mystrdup(optarg);
 				break;
 
-				/* password */
-			case 'P':
-				my_opts->password = mystrdup(optarg);
-				break;
-
 				/* display system tables */
 			case 'S':
 				my_opts->systables = true;
@@ -166,8 +160,6 @@ get_opts(int argc, char **argv, struct options * my_opts)
 					 "        -H host               connect to remote host\n"
 					"        -p port               host port to connect to\n"
 				   "        -U username           username to connect with\n"
-					  "        -P password           password for username\n"
-						"                              (see also $PGPASSWORD and ~/.pgpass)\n"
 					);
 				exit(1);
 				break;
@@ -275,22 +267,49 @@ PGconn *
 sql_conn(struct options * my_opts)
 {
 	PGconn	   *conn;
+	char	   *password = NULL;
+	bool		new_pass;
 
-	/* login */
-	conn = PQsetdbLogin(my_opts->hostname,
-						my_opts->port,
-						NULL,	/* options */
-						NULL,	/* tty */
-						my_opts->dbname,
-						my_opts->username,
-						my_opts->password);
-
-	/* deal with errors */
-	if (PQstatus(conn) != CONNECTION_OK)
+	/*
+	 * Start the connection.  Loop until we have a password if requested by
+	 * backend.
+	 */
+	do
 	{
-		fprintf(stderr, "%s: connection to database '%s' failed.\n", "oid2name", my_opts->dbname);
-		fprintf(stderr, "%s", PQerrorMessage(conn));
+		new_pass = false;
+		conn = PQsetdbLogin(my_opts->hostname,
+							my_opts->port,
+							NULL,	/* options */
+							NULL,	/* tty */
+							my_opts->dbname,
+							my_opts->username,
+							password);
+		if (!conn)
+		{
+			fprintf(stderr, "%s: could not connect to database %s\n",
+					"oid2name", my_opts->dbname);
+			exit(1);
+		}
+
+		if (PQstatus(conn) == CONNECTION_BAD &&
+			PQconnectionNeedsPassword(conn) &&
+			password == NULL &&
+			!feof(stdin))
+		{
+			PQfinish(conn);
+			password = simple_prompt("Password: ", 100, false);
+			new_pass = true;
+		}
+	} while (new_pass);
+
+	if (password)
+		free(password);
 
+	/* check to see that the backend connection was successfully made */
+	if (PQstatus(conn) == CONNECTION_BAD)
+	{
+		fprintf(stderr, "%s: could not connect to database %s: %s",
+				"oid2name", my_opts->dbname, PQerrorMessage(conn));
 		PQfinish(conn);
 		exit(1);
 	}
diff --git a/contrib/pgbench/pgbench.c b/contrib/pgbench/pgbench.c
index 977ff9691d..340846505b 100644
--- a/contrib/pgbench/pgbench.c
+++ b/contrib/pgbench/pgbench.c
@@ -94,7 +94,6 @@ char	   *pgport = "";
 char	   *pgoptions = NULL;
 char	   *pgtty = NULL;
 char	   *login = NULL;
-char	   *pwd = NULL;
 char	   *dbName;
 
 /* variable definitions */
@@ -188,8 +187,8 @@ static char *select_only = {
 static void
 usage(void)
 {
-	fprintf(stderr, "usage: pgbench [-h hostname][-p port][-c nclients][-t ntransactions][-s scaling_factor][-D varname=value][-n][-C][-v][-S][-N][-f filename][-l][-U login][-P password][-d][dbname]\n");
-	fprintf(stderr, "(initialize mode): pgbench -i [-h hostname][-p port][-s scaling_factor] [-F fillfactor] [-U login][-P password][-d][dbname]\n");
+	fprintf(stderr, "usage: pgbench [-h hostname][-p port][-c nclients][-t ntransactions][-s scaling_factor][-D varname=value][-n][-C][-v][-S][-N][-f filename][-l][-U login][-d][dbname]\n");
+	fprintf(stderr, "(initialize mode): pgbench -i [-h hostname][-p port][-s scaling_factor] [-F fillfactor] [-U login][-d][dbname]\n");
 }
 
 /* random number generator */
@@ -218,32 +217,50 @@ executeStatement(PGconn *con, const char *sql)
 static PGconn *
 doConnect(void)
 {
-	PGconn	   *con;
+	PGconn	   *conn;
+	static char *password = NULL;
+	bool		new_pass;
 
-	con = PQsetdbLogin(pghost, pgport, pgoptions, pgtty, dbName,
-					   login, pwd);
-	if (con == NULL)
+	/*
+	 * Start the connection.  Loop until we have a password if requested by
+	 * backend.
+	 */
+	do
 	{
-		fprintf(stderr, "Connection to database '%s' failed.\n", dbName);
-		fprintf(stderr, "Memory allocatin problem?\n");
-		return (NULL);
-	}
+		new_pass = false;
 
-	if (PQstatus(con) == CONNECTION_BAD)
-	{
-		fprintf(stderr, "Connection to database '%s' failed.\n", dbName);
+		conn = PQsetdbLogin(pghost, pgport, pgoptions, pgtty, dbName,
+							login, password);
+		if (!conn)
+		{
+			fprintf(stderr, "Connection to database \"%s\" failed\n",
+					dbName);
+			return NULL;
+		}
 
-		if (PQerrorMessage(con))
-			fprintf(stderr, "%s", PQerrorMessage(con));
-		else
-			fprintf(stderr, "No explanation from the backend\n");
+		if (PQstatus(conn) == CONNECTION_BAD &&
+			PQconnectionNeedsPassword(conn) &&
+			password == NULL &&
+			!feof(stdin))
+		{
+			PQfinish(conn);
+			password = simple_prompt("Password: ", 100, false);
+			new_pass = true;
+		}
+	} while (new_pass);
 
-		return (NULL);
+	/* check to see that the backend connection was successfully made */
+	if (PQstatus(conn) == CONNECTION_BAD)
+	{
+		fprintf(stderr, "Connection to database \"%s\" failed:\n%s",
+				dbName, PQerrorMessage(conn));
+		PQfinish(conn);
+		return NULL;
 	}
 
-	executeStatement(con, "SET search_path = public");
+	executeStatement(conn, "SET search_path = public");
 
-	return (con);
+	return conn;
 }
 
 /* throw away response from backend */
@@ -1258,7 +1275,7 @@ main(int argc, char **argv)
 
 	memset(state, 0, sizeof(*state));
 
-	while ((c = getopt(argc, argv, "ih:nvp:dc:t:s:U:P:CNSlf:D:F:")) != -1)
+	while ((c = getopt(argc, argv, "ih:nvp:dc:t:s:U:CNSlf:D:F:")) != -1)
 	{
 		switch (c)
 		{
@@ -1333,9 +1350,6 @@ main(int argc, char **argv)
 			case 'U':
 				login = optarg;
 				break;
-			case 'P':
-				pwd = optarg;
-				break;
 			case 'l':
 				use_log = true;
 				break;
diff --git a/doc/src/sgml/oid2name.sgml b/doc/src/sgml/oid2name.sgml
index f4c4f3df47..027229b352 100644
--- a/doc/src/sgml/oid2name.sgml
+++ b/doc/src/sgml/oid2name.sgml
@@ -110,12 +110,6 @@
       <entry><literal>-U</literal> <replaceable>username</></entry>
       <entry>username to connect as</entry>
      </row>
-
-     <row>
-      <entry><literal>-P</literal> <replaceable>password</></entry>
-      <entry>password (deprecated &mdash; putting this on the command line
-       is a security hazard)</entry>
-     </row>
     </tbody>
    </tgroup>
   </table>
diff --git a/doc/src/sgml/pgbench.sgml b/doc/src/sgml/pgbench.sgml
index 967180ed1c..88b85f0f4b 100644
--- a/doc/src/sgml/pgbench.sgml
+++ b/doc/src/sgml/pgbench.sgml
@@ -282,11 +282,6 @@ pgbench <optional> <replaceable>options</> </optional> <replaceable>dbname</>
       <entry><literal>-U</literal> <replaceable>login</></entry>
       <entry>username to connect as</entry>
      </row>
-     <row>
-      <entry><literal>-P</literal> <replaceable>password</></entry>
-      <entry>password (deprecated &mdash; putting this on the command line
-       is a security hazard)</entry>
-     </row>
     </tbody>
    </tgroup>
   </table>